mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-12-17 00:40:14 +01:00
99f8bd2ce6
* Feature: Dynamic MCP Server with Full UI Management * 🚦 feat: Add MCP Connection Status icons to MCPBuilder panel (#10805) * feature: Add MCP server connection status icons to MCPBuilder panel * refactor: Simplify MCPConfigDialog rendering in MCPBuilderPanel --------- Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com> Co-authored-by: Danny Avila <danny@librechat.ai> * fix: address code review feedback for MCP server management - Fix OAuth secret preservation to avoid mutating input parameter by creating a merged config copy in ServerConfigsDB.update() - Improve error handling in getResourcePermissionsMap to propagate critical errors instead of silently returning empty Map - Extract duplicated MCP server filter logic by exposing selectableServers from useMCPServerManager hook and using it in MCPSelect component * test: Update PermissionService tests to throw errors on invalid resource types - Changed the test for handling invalid resource types to ensure it throws an error instead of returning an empty permissions map. - Updated the expectation to check for the specific error message when an invalid resource type is provided. * feat: Implement retry logic for MCP server creation to handle race conditions - Enhanced the createMCPServer method to include retry logic with exponential backoff for handling duplicate key errors during concurrent server creation. - Updated tests to verify that all concurrent requests succeed and that unique server names are generated. - Added a helper function to identify MongoDB duplicate key errors, improving error handling during server creation. * refactor: StatusIcon to use CircleCheck for connected status - Replaced the PlugZap icon with CircleCheck in the ConnectedStatusIcon component to better represent the connected state. - Ensured consistent icon usage across the component for improved visual clarity. * test: Update AccessControlService tests to throw errors on invalid resource types - Modified the test for invalid resource types to ensure it throws an error with a specific message instead of returning an empty permissions map. - This change enhances error handling and improves test coverage for the AccessControlService. * fix: Update error message for missing server name in MCP server retrieval - Changed the error message returned when the server name is not provided from 'MCP ID is required' to 'Server name is required' for better clarity and accuracy in the API response. --------- Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com> Co-authored-by: Danny Avila <danny@librechat.ai>
223 lines
7.4 KiB
TypeScript
223 lines
7.4 KiB
TypeScript
import { AccessRoleIds, ResourceType, PermissionBits } from 'librechat-data-provider';
|
|
import type { Model, Types, DeleteResult } from 'mongoose';
|
|
import type { IAccessRole } from '~/types';
|
|
import { RoleBits } from '~/common';
|
|
|
|
export function createAccessRoleMethods(mongoose: typeof import('mongoose')) {
|
|
/**
|
|
* Find an access role by its ID
|
|
* @param roleId - The role ID
|
|
* @returns The role document or null if not found
|
|
*/
|
|
async function findRoleById(roleId: string | Types.ObjectId): Promise<IAccessRole | null> {
|
|
const AccessRole = mongoose.models.AccessRole as Model<IAccessRole>;
|
|
return await AccessRole.findById(roleId).lean();
|
|
}
|
|
|
|
/**
|
|
* Find an access role by its unique identifier
|
|
* @param accessRoleId - The unique identifier (e.g., "agent_viewer")
|
|
* @returns The role document or null if not found
|
|
*/
|
|
async function findRoleByIdentifier(
|
|
accessRoleId: string | Types.ObjectId,
|
|
): Promise<IAccessRole | null> {
|
|
const AccessRole = mongoose.models.AccessRole as Model<IAccessRole>;
|
|
return await AccessRole.findOne({ accessRoleId }).lean();
|
|
}
|
|
|
|
/**
|
|
* Find all access roles for a specific resource type
|
|
* @param resourceType - The type of resource ('agent', 'project', 'file')
|
|
* @returns Array of role documents
|
|
*/
|
|
async function findRolesByResourceType(resourceType: string): Promise<IAccessRole[]> {
|
|
const AccessRole = mongoose.models.AccessRole as Model<IAccessRole>;
|
|
return await AccessRole.find({ resourceType }).lean();
|
|
}
|
|
|
|
/**
|
|
* Find an access role by resource type and permission bits
|
|
* @param resourceType - The type of resource
|
|
* @param permBits - The permission bits (use PermissionBits or RoleBits enum)
|
|
* @returns The role document or null if not found
|
|
*/
|
|
async function findRoleByPermissions(
|
|
resourceType: string,
|
|
permBits: PermissionBits | RoleBits,
|
|
): Promise<IAccessRole | null> {
|
|
const AccessRole = mongoose.models.AccessRole as Model<IAccessRole>;
|
|
return await AccessRole.findOne({ resourceType, permBits }).lean();
|
|
}
|
|
|
|
/**
|
|
* Create a new access role
|
|
* @param roleData - Role data (accessRoleId, name, description, resourceType, permBits)
|
|
* @returns The created role document
|
|
*/
|
|
async function createRole(roleData: Partial<IAccessRole>): Promise<IAccessRole> {
|
|
const AccessRole = mongoose.models.AccessRole as Model<IAccessRole>;
|
|
return await AccessRole.create(roleData);
|
|
}
|
|
|
|
/**
|
|
* Update an existing access role
|
|
* @param accessRoleId - The unique identifier of the role to update
|
|
* @param updateData - Data to update
|
|
* @returns The updated role document or null if not found
|
|
*/
|
|
async function updateRole(
|
|
accessRoleId: string | Types.ObjectId,
|
|
updateData: Partial<IAccessRole>,
|
|
): Promise<IAccessRole | null> {
|
|
const AccessRole = mongoose.models.AccessRole as Model<IAccessRole>;
|
|
return await AccessRole.findOneAndUpdate(
|
|
{ accessRoleId },
|
|
{ $set: updateData },
|
|
{ new: true },
|
|
).lean();
|
|
}
|
|
|
|
/**
|
|
* Delete an access role
|
|
* @param accessRoleId - The unique identifier of the role to delete
|
|
* @returns The result of the delete operation
|
|
*/
|
|
async function deleteRole(accessRoleId: string | Types.ObjectId): Promise<DeleteResult> {
|
|
const AccessRole = mongoose.models.AccessRole as Model<IAccessRole>;
|
|
return await AccessRole.deleteOne({ accessRoleId });
|
|
}
|
|
|
|
/**
|
|
* Get all predefined roles
|
|
* @returns Array of all role documents
|
|
*/
|
|
async function getAllRoles(): Promise<IAccessRole[]> {
|
|
const AccessRole = mongoose.models.AccessRole as Model<IAccessRole>;
|
|
return await AccessRole.find().lean();
|
|
}
|
|
|
|
/**
|
|
* Seed default roles if they don't exist
|
|
* @returns Object containing created roles
|
|
*/
|
|
async function seedDefaultRoles() {
|
|
const AccessRole = mongoose.models.AccessRole as Model<IAccessRole>;
|
|
const defaultRoles = [
|
|
{
|
|
accessRoleId: AccessRoleIds.AGENT_VIEWER,
|
|
name: 'com_ui_role_viewer',
|
|
description: 'com_ui_role_viewer_desc',
|
|
resourceType: ResourceType.AGENT,
|
|
permBits: RoleBits.VIEWER,
|
|
},
|
|
{
|
|
accessRoleId: AccessRoleIds.AGENT_EDITOR,
|
|
name: 'com_ui_role_editor',
|
|
description: 'com_ui_role_editor_desc',
|
|
resourceType: ResourceType.AGENT,
|
|
permBits: RoleBits.EDITOR,
|
|
},
|
|
{
|
|
accessRoleId: AccessRoleIds.AGENT_OWNER,
|
|
name: 'com_ui_role_owner',
|
|
description: 'com_ui_role_owner_desc',
|
|
resourceType: ResourceType.AGENT,
|
|
permBits: RoleBits.OWNER,
|
|
},
|
|
{
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_VIEWER,
|
|
name: 'com_ui_role_viewer',
|
|
description: 'com_ui_role_viewer_desc',
|
|
resourceType: ResourceType.PROMPTGROUP,
|
|
permBits: RoleBits.VIEWER,
|
|
},
|
|
{
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_EDITOR,
|
|
name: 'com_ui_role_editor',
|
|
description: 'com_ui_role_editor_desc',
|
|
resourceType: ResourceType.PROMPTGROUP,
|
|
permBits: RoleBits.EDITOR,
|
|
},
|
|
{
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_OWNER,
|
|
name: 'com_ui_role_owner',
|
|
description: 'com_ui_role_owner_desc',
|
|
resourceType: ResourceType.PROMPTGROUP,
|
|
permBits: RoleBits.OWNER,
|
|
},
|
|
{
|
|
accessRoleId: AccessRoleIds.MCPSERVER_VIEWER,
|
|
name: 'com_ui_mcp_server_role_viewer',
|
|
description: 'com_ui_mcp_server_role_viewer_desc',
|
|
resourceType: ResourceType.MCPSERVER,
|
|
permBits: RoleBits.VIEWER,
|
|
},
|
|
{
|
|
accessRoleId: AccessRoleIds.MCPSERVER_EDITOR,
|
|
name: 'com_ui_mcp_server_role_editor',
|
|
description: 'com_ui_mcp_server_role_editor_desc',
|
|
resourceType: ResourceType.MCPSERVER,
|
|
permBits: RoleBits.EDITOR,
|
|
},
|
|
{
|
|
accessRoleId: AccessRoleIds.MCPSERVER_OWNER,
|
|
name: 'com_ui_mcp_server_role_owner',
|
|
description: 'com_ui_mcp_server_role_owner_desc',
|
|
resourceType: ResourceType.MCPSERVER,
|
|
permBits: RoleBits.OWNER,
|
|
},
|
|
];
|
|
|
|
const result: Record<string, IAccessRole> = {};
|
|
|
|
for (const role of defaultRoles) {
|
|
const upsertedRole = await AccessRole.findOneAndUpdate(
|
|
{ accessRoleId: role.accessRoleId },
|
|
{ $setOnInsert: role },
|
|
{ upsert: true, new: true },
|
|
).lean();
|
|
|
|
result[role.accessRoleId] = upsertedRole;
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
/**
|
|
* Helper to get the appropriate role for a set of permissions
|
|
* @param resourceType - The type of resource
|
|
* @param permBits - The permission bits
|
|
* @returns The matching role or null if none found
|
|
*/
|
|
async function getRoleForPermissions(
|
|
resourceType: string,
|
|
permBits: PermissionBits | RoleBits,
|
|
): Promise<IAccessRole | null> {
|
|
const AccessRole = mongoose.models.AccessRole as Model<IAccessRole>;
|
|
const exactMatch = await AccessRole.findOne({ resourceType, permBits }).lean();
|
|
if (exactMatch) {
|
|
return exactMatch;
|
|
}
|
|
|
|
/** If no exact match, the closest role without exceeding permissions */
|
|
const roles = await AccessRole.find({ resourceType }).sort({ permBits: -1 }).lean();
|
|
|
|
return roles.find((role) => (role.permBits & permBits) === role.permBits) || null;
|
|
}
|
|
|
|
return {
|
|
createRole,
|
|
updateRole,
|
|
deleteRole,
|
|
getAllRoles,
|
|
findRoleById,
|
|
seedDefaultRoles,
|
|
findRoleByIdentifier,
|
|
getRoleForPermissions,
|
|
findRoleByPermissions,
|
|
findRolesByResourceType,
|
|
};
|
|
}
|
|
|
|
export type AccessRoleMethods = ReturnType<typeof createAccessRoleMethods>;
|